Penetration Testing mailing list archives
Using public LDAP directories for attack preparation
From: "Per Thorsheim" <per () thorsheim net>
Date: Wed, 27 Sep 2006 20:27:57 +0200
I've seen a quite a few publicly available LDAP directories on the Internet containing names, e-mail addresses and other employee information for a company. Besides the obvious possibility of harvesting working e-mail addresses for spam purposes, has anyone successfully used such externally available directories for doing targeted social engineering attacks as part of a pentest? Regards, Per Thorsheim CISA, CISM, CISSP ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Using public LDAP directories for attack preparation Per Thorsheim (Sep 27)